12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ?

Part 3 E C S A ~ Try to Grab

MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A

SULTAN SULTAN

PART 3

Gary has built an application that can help users transfer files between any two applications present on the mobile device or to another mobile device. This application uses the principle of application
to application communication for information exchange.
Which of the following processes is the application dependent on?
Fuzzers
Debug bridges
Intents
Binäries

Joseph is performing an internal pen test for one of his clients. He wants to crack the password for of the system login, Joseph has got a meterpreter session to the target machine and was able to
successfully dump the password hashes.
Which of the following password attacks will Joseph perform so he discovers the clear text password without triggering the system lockout?
Rainbow attack
Dictionary attack
Brute force attack
Phishing attack

Dale is a network admin working in Zero Faults Inc. Recently the company's network was compromised and is experiencing very unusual traffic. Dale checks for the problem that compromised the
network. He performed a penetration test on the network's IDs and identified that an attacker sent spoofed packets to a broadcast address in the network.
Which of the following attacks compromised the network?
ARP Sporofing
MAC Spoolfing
Session hiljacking
Amplification attack

Watson works as a Penetrating test engineer at Neo Security Services. The Company found its wireless networks operating in an unusual manner, with signs that a possible cyber attack might have
happened. Watson was asked to resolve this problem. Watson starts a wireless penetrating test, with the first step of discovering wireless networks by war-driving. After several thorough checks, he
identifies that there is some problem with rogue access points and resolves it. Identifying rogue access points involves a series of steps.
Which of the following arguments is NOT valid when identifying the rogue access points?
If any new AP which is not present in the authorized list of APs is detected, it would be considered as a rogue AP
If a radio media type used by any discovered AP is not present in the authorized list of media types, it is considered as a rogue AP
If the radio channel used by any discovered AP is not present in the authorized list of channels, it is considered as a rogue AP
If the MAC of any discovered AP is present in the authorized list of MAC addresses, it would be considered as a rogue AP

Analyze the hping3 output below and mark the correct statement.

a. The result shows that beta.search.microsoft.com webserver is behind two firewalls

b. The result shows that beta.Search.microsoft.com is not available for public access
c. The result shows that beta.search.microsoft.com is intermittently unavailable
d. The result shows that beta.search.microsoft.com is handled by two machines behind a load balancer

In a 3-way handshake process before TCP Communication, host A sends a SYN packet to host B with a sequence number 4444. Host B replies to the SYN packet with a SYN+ACK packet.
What will be the sequence number of the SYM+ACK packet?
The sequence number of the SYM+ACK packet is independent of the sequence number of the SYN packet, and cannot be deduced from the above information
4445

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 1/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

4443
4444

Mike, was asked by his Information Security Office to recommend a firewall for the Company's internal network which works at the network level of the OSI model. The firewall must filter the
network traffic based on specified session rules, such as when a session is initiated by a recognized Computer.
Which of the following firewall types should Mike recommend to his Information Security Office?
Circuit Level Gateway
Stateful Multilayer Inspection Firewal
Packet Filtering Firewall
Application Level Firewall

Veronica, a penetration tester at a top MNC Company, is trying to breach the company's database as a part of SLQi penetration testing. She began to use the SLQi techniques to test the database
security level. She inserted new database Commands into the SQL statement and appended a SQL Server EXECUTE Command to the vulnerable SQL statements.
Which of the following SQLi techniques was used to attack the database?
File inclusion
Code injection
Buffer Overflow
Function call injection

Analyze the WSDL document below:

Thomas, a pentester, enters a tick mark (‘) for user name. What Thomas is trying to achieve?
The tick mark (‘) will help Jason to extract the underlying database
The tick mark(‘) will result in error and Jason can gather information about the web service
The tick mark (‘) will enable Jason to extract usernames of all the users using the web service
The tick mark (‘) will result in buffer overflow and crash the web service

During scanning of a test network, Paul sends TCP probe packets with the ACK flag set to a remote device and then analyzes the header information (TTL and WINDOW field) of the received RST
packets to find whether the port is open or closed.
Analyze the scanning result below and identify the open port.

Port 23
Port 21
Port 20
Port 22

Analyze the ICMP packet below and mark the correct statement.

It is a ping request, but the destination port is unreachable

It is a ping packet that requires fragmentation, but the Don't Fragment flag is set
It is a ping request, but the destination network is unreachable
It is a ping response, when the destination host is unknown

Christine works as a network security auditor with Xsecurity, a large security assessment firm based out of San Francisco. During a security audit of a client organization, Christine tests some of the
network switches for an ARP flooding attack. She tries to flood the ARP Cache of the switches.
What happens when an ARP cache flood is successful?
The switches will start working as a proxy and route all traffic to the broadcast address.
The switches will drop into hub mode if the ARP Cache is successfully flooded.
If the ARP Cache is flooded, the switches will startworking as a router, making it less susceptible to attacks.
Depending on the switch manufacturer, the device will either delete every entry in the ARP cache or reroute packets to the nearest switch.

A Company asked Smith to perform a penetration on its subsidiary network to find vulnerabilities. Smith focused the penetration test on any vulnerabilities to exploit the Company's TDS. He used the
following Command to trick the TDs and successfully bypassed the TDS to the network: HEAD/cgi-bin/some.cgi
Which one of the following techniques did Smith use to identify the vulnerability?
Reverse Traversal
Pattern Matching
Signature Matching
Method Matching

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 2/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

George, a freelance Security Auditor and Penetration Tester, was working on a pen testing assignment for Xsecurity, George is an ECSA certified professional and was following the LFT methodology
in performing a comprehensive security assessment of the company. After the initial reconnaissance, scanning and enumeration phases, he successfully recovered a user password and was able to log
on to a Linux machine located on the network. He was also able to access the etc/passwd file; however, the passwords were stored as a single "x" character.
What will George do to recover the actual encrypted passwords?
George will perform sniffing to capture the actual passwords
George will perform a password attack using the pre-Computed hashes also known as a rainbow attack
George will perform replay attack to collect the actual passwords
George will escalate his privilege to root level and look for fetc/shadow file

A company has asked a security professional, William to analyze one of its client's networks, which was apparently compromised recently. William performed a penetration test to identify the
vulnerability which allowed the attack. He used a buffer overflow exploit to Carry some hidden malicious code in encrypted format bypassing the IDs and Compromised the network.
Which of the following techniques did William use to bypass the TDS and penetrate through the network?
signature Encoding
Unicode Evasion
Polymorphic Shellcode
Fing Flooding

James is a security consultant at Big Frog Software Pvt Ltd. He is an expert in Footprinting and Social engineering tasks. His team lead tasked him to find details about the target through passive
reconnaissance. James used websites to check the link popularity of the client's domain name.
What information does the link popularity provide?
Information about visitors, their geolocations, etc.
Information about the network resources
Information about the server and its infrastructure
Information about the partners of the organization

Sam is auditing a web application for SQL injection vulnerabilities. During the testing, Sam discovered that the web application is vulnerable to SQL injection. He starts fuzzing the search field in the
web application with UNION based SQL queries, however, he realized that the underlying WAF is blocking the requests. To avoid this, Sam is trying the following query:
UNION/**/SELECT/**/’/**/OR/**/1/**/=/**/1
Which of the following evasion technique is Sam using?
Sam is using char encoding to bypass WAF
Sam is manipulating white spaces to bypass WAF
Sam is using inline Comments to bypass WAF
Sam is using obfuscated code to bypass WAF

Christen is a renowned SQL penetration testing specialist in the US. A multinational ecommerce company hired him to check for vulnerabilities in the SQL database. Christen wanted to perform SQL
penetration testing
on the database by entering a massive amount of data to crash the web application of the company and discover coding errors that may lead to a SQL injection attack.
Which of the following testing techniques is Christen using?
Union Exploitation
Automated Exploitation
Fuzz Testing
Stored Procedure Injection

Smith is performing a black-box test for one of his clients. He successfully gained a SSH shell and write access to the tmp directory on a Unix web server. This directory did not have any sensitive
information stored in
it and was therefore not locked down. Smith, however, was able uploada.shtml web page containing the following include statement:
<!--- #execCmd="/bin/cat/etc/passwd" --->
What Smith is trying to do?
Smith is performing directory traversal to steal the etc/passwd file from the webserver
Smith is trying to bruteforce password hashes stored in the machine
Smith is trying to escalate his privileges on the webserver machine
Smith is using Server Side Includes (SSI) to execute a malicious Command on the server

How does OS Fingerprinting help you as a pen tester?

It defines exactly what software the target has installed
It opens a security-delayed window based on the port being scanned
It helps to research vulnerabilities that you can use to exploit on a target system
It doesn't depend on the patches that have been applied to fix existing security holes

As part of his job role as a Network administrator of a multi-national company, Steve needs to perform penetration tests of mobile devices used under the Company's BYOD policy. He chooses the
proxy tools Fiddler
and Faros to perform penetration testing.
Which part of the mobile penetration testing methodology has he taken up?
Android debug bridge testing

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 3/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

server-side infrastructure pen testing

Application penetration testing
Communication channel penetration testing

Which Oracle database listener mode provides network access to an Oracle database instance?
Database
Executable
PLSExtProc
Tinsinsr

Xsecurity Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the
Company. However, Xsecurity does not have the required resources or capabilities to perform a vulnerability assessment. They decide to hire services of a company that will perform a periodic
vulnerability assessment and present reports for management to implement remediation.
What vulnerability assessment approach is Xsecurity following?
Inference-based Assessment
Product-based Assessment
Service-based Assessment
Tree-based Assessment

During the reconnaissance phase of a penetration test, you discovered that the client has deployed a firewall that only checks the TCP header information. Which of the following techniques would
you use to bypass the firewall?
Bypassing the firewall using the IP address in place of an URL
Bypassing the firewall using tiny fragments
Bypassing the firewall by manipulating the IPID sequence number
Bypassing the firewall source routing

Which type of penetration testing will require you to send the Internal Control Questionnaires (ICQ) to the client?
Black-box testing
White-box testing
Unannounced testing
Blind testing

George works at 3D-Networks Ltd as a Network Admin. He received an email from one of his clients stating that the client's company website has some flaws and they are receiving continuous emails
from customers about the inconveniences. While checking the web servers, he found loopholes with the DNS servers and he installed DNSSEC-Aware lookups. This made the site functional and the
client was happy with the Outcome.
What problem does a Non-DNSSEC-Aware site face?
The users will get more information than they desired.
A mischievous Internet user can cut off the request and send back incorrect information by spoofing the response.
The users commands will be delayed and the information they requested may be not delivered.
The site becomes slow and vulnerable

What is the purpose of the Traceroute command

For extracting information about closed ports
For extracting information about opened ports
For extracting information about the server functioning
For extracting information about the network topology, trusted routers, and firewall locations

Ashton is a mobile penetration tester and runs a mobile investigation firm. A company hired him to check the security of the various mobile devices used in their office. As part of the contract, Ashton
needs to perform penetration testing on the communication channel of the devices.
Which of the following steps does Ashton need to perform to complete the task?
Reverse engineering the applications
Intercepting HTTP request
Performing Penetration test of Web server/application
Reading stored data

Peter works as a lead penetration tester in a security service firm named Xsecurity. Recently, Peter was assigned a white-box pen test assignment testing the security of an IDS system deployed by a
client. During the preliminary information gathering, Peter discovered the TTL to reach the IDs system from his end is 30. Peter created a Trojan and fragmented it in to 1-character packets using the
Colasoft packet builder tool. He then used a packet flooding utility to bombard the IDS with these fragmented packets with the destination address of a target host behind the IDS whose TTL is 35.
What is Peter trying to achieve?
Peter is trying to bypass the TDS system using inconsistent packets
Peter is trying to bypass the IDS system using the insertion attack
Peter is trying to bypass the IDS system using a Trojan
Peter is trying to bypass the TDS system using the broadcast address

Which of the following pre-engagement documents identifies the systems to be tested, types of tests, and the depth of the testing?
https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 4/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

Authorization Letter
Letter of Intent
Draft Report
Rule of Engagement

Smart Networks Ltd is an internet service provider based in the UK. The company hired Thomson as a penetration tester and asked him to check for vulnerabilities in one of their clients Wi-Fi
networks. He performed
Android Penetration Testing on the Wi-Fi network using the penetration testing tool. He found that the network is vulnerable and an attacker is able to gain access to some of the employees Android
mobiles devices that are connected to the network.
Which of the following penetration testing tools did Thomson use to do this?
zANTI
Evasion
Pangu
Burp suite

Edward is a penetration tester hired by the OBC Group. He was asked to gather information on the client's network. As part of the work assigned, Edward needs to find the range of IP addresses and
the subnet mask used by the target organization.
What does Edward need to do to get the required information?
Search for an appropriate Regional Internet Registry (RIR)
Search for link popularity of the Company's website
Search for web pages posting patterns and revision numbers
Search for Trade Association Directories

While auditing a web application for vulnerabilities, Donald uses Burp proxy and modifies the get request as below: http://www.juggyboy.com/GET process.php./../.. /../../../../../../etc/passwd
What Donald is trying to achieve?
Donald is modifying process.php file to extract etc/password file
Donald is trying to upload /etc/password file to the web server root folder
Donald is trying directory traversal to extract/etc/password file
Donald is trying SQL injection to extract the contents of /etc/password file

Alice is working a pentesting assignment. She succeeded instealing a secure cookiewia a XSS attack. She is able to replay the Cookie even while the session is valid on the server. Why is possible?
Any cookie can be replayed irrespective of the session status
It works because encryption is performed at the application layer (single encryption key)
The scenario is invalid as a secure cookie cannot be replayed
She passes the cookie through an HTTPS session

Alice is a senior security auditor and pentester, specializing in social engineering and external penetration tests. Alice has been hired by Xsecurity, a subcontractor for the Department of Defense. Alice
has been given authority to performall tests necessary to audit the company's network security. No employees for the company other than the IT director, know about the work Alice is doing. Alice's
first step is to obtain a list of employees through the company website contact pages. She then befriends a female employee of the company through an online chat website. After meeting with the
female employee numerous times, Alice is able to gain her trust and they become friends. One day, Alice steals the employee's access badge and uses it to gain unauthorized access to the Xsecurity
offices,
Identify the type of social engineering attack?
Vishing
Eaves dropping
Spear phishing
Insider Accomplice

Jacob is performing a vulnerability assessment of the web resources in his organization. During the scanning phase, Jacob discovered a web server is running an FTP server. Jacob performed research
on this FTP server and discovered it has a vulnerability enabling an attacker to perform directory traversal. The next step is using directory traversal attacks on the webserver.
Which type of vulnerability assessment is Jacob performing?
Passive Assessment
Inference-based Assesment
Tree-based Assessment
Zero-day Assessment

Donald is auditing a SQL Server machine for robustness. He performs parameter tampering using SQL scripts that results in the following query.

What is Donald trying to achieve?

He is trying to extract table names from the database server
He is attempting a Dos Attack against the database server using SQL injection
He is trying to extract password hashes from the database
He is trying to encrypt the Complete database

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 5/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

Which of the followingWireshark options will allow you to view a HTTP packet in plain text as shown in the screenshot?

Follow HTTP Stream

Follow SSL Stream
Follow UDP stream
Follow TCP Stream

AB Cloud services provide virtual platform services for the users in addition to storage. The Company offers users with APIs, Core Connectivity and delivery, abstraction and hardware as part of the
service. What is the name of the Serwice AB Cloud Serwice.S offer?
Infrastructure as a service (IaaS)
Platform as a service (PaaS)
Software as a Service (SaaS)
Web Application Services

Sam is a penetration tester and network admin at McLaren & McLaren, based out of Washington. The company has recently deployed IPv6 in their network. Sam found problems with the protocol
implementation and tried to redeploy IPv6 over IPv4. This time, he used the tunneling mechanism while deploying the IPv6 network.
How does the tunneling mechanism Works?
It encapsulates IPv6 packets in IPv4 packets
It splits the IPv4 packets and provide a way to TPv6
It replaces IPv4 with IPv6
It transfers IP4 first and the IPv6

Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it. Which of the following tools will Michael use to
perform this task?
BlackWidow
VisualRoute
ZaprΟxγ
NetInspector

A hacker initiates so many invalid requests to a cloud network host that the host uses all its resources responding to the invalid requests and ignores the legitimate requests. Identify the type of attack
Side Channel attacks.
Denial of Service (DoS) attacks
Man-in-the-middle cryptographic attacks
Authentication attacks.

Paul is security analyst at Rex Security Consultation. The company asked him to investigate malicious activity in one of its client's network. Paul is trying to bypass the client's IDS. He sent some
packets with an encoded
attack payload in unicode to bypass IDs filters. He manipulated the path referenced in the signature to trick the IDs.
Which of the following techniques did Faul implement to penetrate through the client's IDS?
Obfuscation
Packet Overlapping
False-Fositive Generation
Unicode Evasion

Martin works as a professional Ethical Hacker and Penetration Tester. He is an ECSA certified professional and was following the LPT methodology to perform the penetration testing. He is assigned
a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information
about the different departments and business units. Martin was unable find any information.
What should Martin do to get the information he needs?
Martin should use website mirroring tools such as HTTrack Web Site Copier to find the company's internal URLs
Martin should use WayBackMachine in Archive.org to find the company's internal URLs
Martin should use email tracking tools such as eMailTrackerPro to find the company's internal URLs
Martin should use online services such as netCraft.com to find the company's internal URLs

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 6/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

In Linux, the etc/shadow file stores the real password in encrypted format for user accounts with added properties associated with the user's password. In the example of a fetc/shadow file entry below,
what does the Bold Redstring indicate?
vivek: $1$fnffc$GteyHdicpGOfffXX4Ow#5:13064:0::99999:7
Minimum number of days required between password changes
Number of days the user is warned before the expiration date
The number of days after which password must be changed
Last time the password changed

Identify the attack from the description below:

User A sends an ARP request to a switch
The switch broadcasts the ARP request in the network
An attacker eavesdrops on the ARP request and responds by spoofing as a legitimate user
The attacker sends his MAC address to User A

ARP poisoning
MAC spoofing
ARP injection
ARP flooding

Jason is working on a pentesting assignment. He is sending Customized ICMP packets to a host in the target network. However, the ping requests to the target failed with "ICMP Time Exceeded Type
= 11" error messages.
What can Jason do to overcome this error?
Increase the TTL value in the packets
Increase the ICMP header length
Increase the Window size in the packets
Set a Fragment Offset

Sarah is a pen tester at JK Hopes & Sons based in Las Vegas. As a part of the penetration testing, she was asked to perform the test without exposing the test to anyone else in the organization. Only a
few people in
the organization know about the test. This test covers the organization's security monitoring, incident identification and its response procedures. What kind of pen testing is Sarah performing?
Blind Testing
Announced Testing
Unannounced Testing
Double-blind Testing

Joe works as an engagement team lead with Xsecurity Inc. His pentesting team follows all the standard pentesting procedures, however, one of the team members inadvertently deletes a document
containing the client's sensitive information. The client issuing Xsecurity for damages.
Which part of the Penetration Testing Contract should Joe have written better to avoid this lawsuit?
Indemnification clause
Non-disclosure clause
Fees and project schedule
Objective of the penetration test

Martin is performing an internal pentest for one of his clients. The client has provided him with the necessary information. The scope of the test allows Martin to exploit the vulnerabilities discovered
during the vulnerability scans. He is permitted to attempt attacks including Denial-of-Service (DoS) and Buffer Overflow.
How can you categorize the scope of this pentest?
Black-box test
Destructive black-box test
Destructive test
Nondestructive black-box test

Identify the PRGA from the following screenshot:

Xsecurity Inc., has developed a web service program and wants to host it on its web server. However, before deploying the web service, management asked their security team to assess the security of
the web service against possible service attacks. George is working as the lead penetration tester on this assignment. To simulate a specific type of attack on the web service, he performed the
following activities:
Trapped the WSDL document from web service traffic and analyzed it in order to determine whether it is revealing the purpose of the application, entry points, functional breakdown, and
message types on web service

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 7/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

Created a set of valid requests by selecting a set of operations, and formulated the request messages according to the rules of the XML schema that can be submitted to the web service
He then used these new requests to include malicious content in SOAP requests and analyzed any errors

What is he trying to do?

He is assessing the web service security against a MITM Attack
He is assessing the web service security against a Web Services Replay Attack
He is assessing the web service security against Web services Frobing Attacks
He is assessing the web service security against XPath Injection Attacks

In an attempt to assess the security Configuration of the firewall deployed on the client's network, you test whether a particular port on the firewall is open or closed. You use the hping utility with the
following syntax:
#hping-S-C1-p <port: CIPAddress> -t (TTL>
What response will indicate the particular part is allowed in the firewall?
TTL Exceeded
No Response
Host Unreachable
ICMP Fort Unreachable

Recently, Jakob was assigned a project to test the perimeter security of one of a client. As part of the project, Jakob wants to test whether or not a particular port on the firewall is open or closed. He
used the hping utility with the following syntax:
#hping –S -c1 -p <port> <CIPAddress> -t. <TTL>
What response will indicate the particular port is allowed in the firewall?
ICMP Port Unreachable
No Response
Host Unreachable
TTLExceeded

What is the objective of the following bash script?

It checks if an FTF port On a target machine is vulnerable to attacks

It checks if a target host has the FTP port open and quits
It gives a list of IP addresses that have an FTP port open
It tries to connect to FTP port on a target machine

Nancy Jones is a network admin at Society Technology Ltd. When she is trying to send data packets from One network (Token-ring) to another network (Ethernet), she receives an error message
stating:
‘Destination unreachable"
What is te reason behind this?
Packet transmission is not done properly
Packet is lost
Packet fragmentation is required
Packet contains image data

A month ago, Jason, a software developer at a reputed IT firm was surfing through his company's website. He was visiting random pages of the company's website and came to find confidential
information about the Company was posted on one of the web pages. Jason forgot to report the issue. Jason contacted John another member of the security Team and discussed the issue. John visited
the page but found nothing wrong.
What should John do to see past versions and pages of a website that Jason saw one month back?
John should run the Web Data Extractor tool to recover the old data
John should recover cached pages of the website from Google search engine cache
John should use SmartWhois to recover the old pages of the website
John can go to Archive.org to see past versions of the company website

Peter is working on a pen testing assignment. During the reconnaissance phase, Peter discovered that the client's SYSLOG systems are taken off for four hours on the second Saturday of every month
for maintenance. He wants to analyze the client's web pages for sensitive information without triggering their logging mechanism. There are hundreds of pages on the client's website and it is difficult
to analyze all the information in just four hours.
What will Peter do to analyze all the web pages in a stealthy manner?
Search the Internet, newsgroups, bulletin boards, and negative websites for information about the client
Use WayBackMachine
Use HTTTrack to mirror the complete website
Perform reverse DNS lookup

Adam is a senior penetration tester at XYZSecurity Inc. He is auditing a wireless network for Vulnerabilities. Before starting the audit, he wants to ensure that the wireless Card in his machine
supports injection. He decided to use the latest version of aircrack-ng tool.

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 8/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

Which of the following Commands will help Adam check his wireless card for injection?
airodump-ng wlan0
aireplay-ng -9 wlan0
aireplay-ng -5 –b wlan0
airdecap-ing -3 wlan0

Arnold, is trying to gain access to a database by inserting exploited query statements with a WHERE clause. He wants to retrieve all the entries from a particular table (e.g. StudName) using the
WHERE clause. what query does Arnold need to write to retrieve the information?
SELECT * FROM StudName WHERE roll_number = " or '1'='1'
EXTRACT*FROM StudName WHERE roll_number = 1 order by 1000
DUMP*FROM StudName WHERE roll_number = 1 AND 1=1--
RETRIVE* FROM studName WHERE roll_number = 1"#

Victor is performing a wireless networkpen test. During a WEF test, he runs the following aircrack-ng Command:

What Victor is trying to achieve by this Command

Victor is trying to perform a Dos attack by disassociating a client from the access point
Victor is trying to associate his wireless card with the target access point
Victor is trying to generate traffic so that he can generate enough packets to crack the WEP key
Victor is trying to dump all the Wi-Fi traffic from a client to the access point in order to capture weak IVs

Jack, a network administrator is using snort as an additional layer of intrusion detection. He is running the following command:
Snort -dev –i 1
What is Jack trying to achieve?
Jack is running snort in TDS mode
Jack is working with snot in developer mode
Jack is running snort in sniffer mode
Jack is checking the logging mechanism of snort

As a part of the pentesting process, James performs a FIN scan as given below: Scan directed at open port: Client Server

What will be the response if the port is open?

FIN/ACK
RST
FIN/RST
No response

Arrange the WEF cracking process in the correct Order:

Analyze the screenshot below:

What the attacker is trying to achieve?

Stealing cookies using parameter tampering
Manipulating cookies using XSS attack
Manipulating Cookies using the CSRF attack
Stealing cookies using XSS attack

David is auditing the IDS systems deployed at one of his client organizations. During reconnaissance he realized the organization is using an outdated IDS system that does not reconstruct sessions
before performing any pattern matching on the data. He then sends several data packets to the IDS with a time delay and is successful in keeping the session active longer than the IDS will spend on
reassembling. With this the TDS stopped working and the packets David sent bypassed the TDS to reach the intended destination host.
Which of the following IDS evasion techniques was used?
Session Hijacking
Session Splicing
Session Extension

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 9/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

Fragmentation

During a DHCP handshake in an IPv4 network, which of the following messages contains the actual IP addressing information for the clients to use?
SOLICIT
REPLY
DHCPDISCOVER
DHCPACK

A reputed ethical hacker and penetration testing consultant, was hired by Global Finance Services, to audit the security of their web applications. Sam is currently auditing the coding and logical issues
that might be
affecting the company's web applications. In the first step, he collected valid session ID values by sniffing traffic from authenticated users. By looking at the different requests, Sam realized the web
application is using a weak session ID generation mechanism and session IDs can be guessed easily.
Analyze some of the requests sniffed by Sam below:
http://www.juggyboy.com/view/JBEX2109201412
http://www.juggyboy.com/view/JBEX2109201424
http://www.juggyboy.com/view.JBEX21092.01436
http://www.juggyboy.com/view.JBEX21092O1448
Considering that the above sessions are generated by the web server in the same order, which of the following will be the next session generated by the server
http://www.juggyboy.com/view.JBEX20092014.72
http://www.juggyboy.com/view/JBEX2408201484
http://www.juggyboy.com/view.JBEX210920.1460
http://www.juggyboy.com/view.JBEX25092014.95

You are working on a pentesting assignment for National Healthcare Inc. The client has specifically asked you for a Data Use Agreement (DUA). What does it indicate?
You are working on a target that is not connected to the Internet
You are working with a publicly traded organization
You are working with a HIPPA compliant organization
The client organization does not want you to exploit vulnerabilities

John, a penetration tester and security auditor, was hired by XSecurity services. John was asked to perform a penetration test on the company's network. John discovers that a user from the HR
department had a dial-out modem installed. John wanted to check the organization's security policies to see whether the dial-out modems are allowed or not. Which of the following security policies
should John check?
User account policy
Firewall-management policy
Remote-access policy
Acceptable-use policy

An attacker injects malicious query strings in user input fields to bypass the web service authentication mechanisms and to access back-end databases. Which of the following attacks is this?
Frame Injection Attack
XPath Injection Attack
SOAP Injection Attack
LDAP Injection Attack

Which of the following tasks is done after submitting the final pen testing report?
System patching and hardening
Exploiting vulnerabilities
Kick-off meeting
Mission briefing

Karen was running port scans on each machine of her network in order to identify suspicious ports on the target machines. She observed the following results during the port scan of a particular
machine.
Some of the ports were not being acknowledged, i.e. no acknowledgement from the target machine
Some ports were responding with SYN + ACK packets
Some ports were responding with a RST packet

What should she interpret for the ports that did not return the acknowledgment?
She should treat those ports as Closed ports
She should treat those ports as Open ports
She should treat those ports as Stealth ports
She should treat those ports as Half Open ports

Rebecca works as a Penetration Tester in a security service firm named Xsecurity. Rebecca placed a sniffer on a subnet residing deep inside the client's network. She used the Firewall tool to test the
security of the company's network firewall. After the test, when Rebecca checked the sniffer logs, she was unable to see any traffic produced by the Firewall tool.
What is the reason of for this?
https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 10/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

Rebecca does not see any of the Firewall traffic because it sets all packets with a TTL of one.
Firewall cannot pass through firewalls,
She cannot see the traffic because Firewall sets all packets with a TTL of zero.
Network sniffers cannot detect firewall so that is why none of the traffic appears.

Frank is performing a wireless pen testing for an organization. Using different wireless attack techniques, he successfully cracked the WPA-PSKkey. He is trying to connect to the wireless network
using the WPA-PSK key. However, he is unable to connect to the WLAN as the target is using MAC filtering.
What would be the easiest way for Frank to circumvent this and connect to the WLANP
Use deauth command from aircrack-ng to deauthenticate a connected user and hijack the session
Attempt to crack the WEP key
Crack the Wi-Fi router login Credentials and disable the ACL
Sniff traffic off the WLAN and spoof his MAC address to the one that he has captured

Sandra, a wireless network auditor, discovered her client is using WEP. To prove the point that the WEP encryption packets, but could not read the content as the data is encrypted.
is very weak, she wants to decrypt some WEP packets. She successfully captured the WEP data
Which of the following will help Sandra decrypt the data packets without knowing the key
Fragmentation. Attack
ARP Poisoning Attack
Packet injection attack
Chopchop Attack

Kevin is auditing a cloud infrastructure for vulnerabilities. During the reconnaissance phase, he runs a Nmap scan that gives him the following information:

A company has recently witnessed a security breach and sensitive customer data was published online. Arnold has been specifically asked to check for the different ways insiders can pass data outside
of the company. In order to avoid IDs and data leakage prevention systems, Arnold hid some data in image files.
Which of following techniques is Arnold using to pass the data outside of the company?
Cryptography
HTTP tunneling
Insertion attack
Steganography

Which of the following is true about Full-duplex TCP service?

Full-duplex service allows data flow in each direction, independent of the other direction
Full-duplex is the only service that provides reliable data delivery
Full-duplex service allows sending information in both directions between two nodes, but only one direction or the other can be utilized at a time
Full-duplex services are the only services that provide error free delivery

Your firm has over 10 years of experience in pentesting and security auditing fields. The penetration testing team has a mix of qualified professionals from different domains. Your firm follows all the
standard engagement processes, but still there could be incidents that may jeopardize your firms interests in a pentesting engagement.
which of the following will be the best approach to protect your firm?
You should get the engagement letter wetted by your lawyer
You should obtain Liability and Errors and Omissions insurance
You should have a detailed ROE and well documented formal permission to start the engagement
You should get the confidentiality and non-disclosure agreements (NDAs) signed by the client

Analyze the ARP packet below and mark the correct statement.

It is an ARP request packet from a broadcast address to the requesting host

It is an ARF request packet from the requesting host to a broadcast address
It is a multicast ARP packet from a broadcast address to the other hosts in the network
It is a unicast ARP packet from responding host to the broadcast address

William, a penetration tester in a pen test firm, was asked to get the information about the SMTP server on a target network What does William need to do to get the SMTP server information?
Examine TCP sequence numbers
Look for information available in web page source code
Examine the session variables
Send an email message to a non-existing user of the target organization and check for bounced mailheader

Three transition mechanisms are available to deploy IPv6 on IPv4 networks. Which of the following is not an IPv6 transition mechanism?
Translation
Dual Stacks
Positive Acknowledgement and Retransmission (PAR)
Tunneling

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 11/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

Mr. Smith works as a penetrating test engineer at Lucid security Services. Mr. Shan, a frustrated customer, Contacts the Company and informs them that he identified some unusual behavior with his
iPhone. After performing several tests, he concludes that the iPhone is Jailbroken.
Which permission status of the device root confirms that the device is jailbroken?
Only write permission
Neither Read nor write permission
ReadWrite permission
Only Read permission

Mobile Silicon Securities Ltd specializes in providing security services for mobile platforms. A client named Riya raised an issue, stating that her iPhone has been hacked. This issue was handed over
to the company's mobile penetrating test engineer, Jackson. He conducted a reverse engineering test on iOS application and determined that Objective-C runtime information stored in Mach-O files
was corrupted.
Which of the following Commandline utility did Jackson use to identify the issue?
class dump utility
ipash ME
Keychain
IDA disassembler

You are enumerating a target system. Which of the following Portory commands will give a result similar to the screenshot below:

ABC Bank, a UK-based bank hired Anthony, to perform a penetration test for the bank. Anthony began performing lookups on the bank's DNS servers, reading news articles online about the bank,
performing competitive intelligence gathering, watching what times the bank employees come and go, and searching the bank's job postings.
What phase of the penetration testing is the Anthony Currently in?
Post-attack phase
Pre-attack phase
Remediation phase
Attack phase

Henderson has completed the pen testing tasks. He is now Compiling the final report for the client. Henderson needs to include the result of scanning that revealed a SQL injection Vulnerability and
different SQL queries that he used to bypass web application authentication.
In which section of the pen testing report, should Henderson include this information in?
Methodology section
Executive summary section
General opinion section
Comprehensive technical report section

GenSec Inc, a UK-based Company, uses Oracle database to store all its data. The company also uses Oracle DataBase Vault to restrict user access to specific areas of their database. GenSec hired a
senior penetration
tester and security auditor named Victor to check the vulnerabilities of the Company's Oracle DataBase Vault. He was asked to find all the possible vulnerabilities that can bypass the company's Oracle
DB Vault. Victor tried different kinds of attacks to penetrate into the company's Oracle DB Vault and succeeded.
Which of the following attacks can help Victor to bypass GenSec's Oracle DB Vault
Man-in-the-Middle Attack
Denial-of-service Attack
Replay Attack
SQL Injection

Daniel is an ECSA Certified penetration tester who is an expert at performing penetration tests for mobile devices. He is working on a project where he needs to pentest iPhone devices for a Company.
As part of the job, Daniel wants to intercept the traffic of the iPhone mobile devices using the Charles proxy tool.
He installs the Charles proxy tool on a workstation and tries to configure the HTTP Proxy settings on a WiFi network in the iPhone's settings. During the configuration, he needs to enter a port number
on which Charles IS funn Ing.
Which of the following port number values does he need to enter to continue the configuration?
8008
8088
8888
8080

Depp Networks is a leader in providing ethical hacking services. They were tasked to examine the strength of a client network. After using a wide range of tests, they finally zeroed in on ICMP
tunneling to bypass the firewall.
What factor makes ICMP tunneling appropriate to bypass the firewall
Firewalls can mot inspect ICMP packets
Firewalls cannot handle the fragmented packets
Deep packet inspection
The payload portion is arbitrary and not examined by most firewalls

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 12/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

Joseph, a penetration tester, was hired by Xsecurity Services. Joseph was asked to perform a pentest on a client's network. He was not provided with any information about the client organization
except the company name
Identify the type of testing Joseph is going to perform for the client organization?
Grey-box Penetration Testing
Black-box Penetration Testing
White-box Fenetration Testing
Announced Testing

A firm named SYS networks suffers from a wireless attack. They hired Mr. Shaw, a wireless penetration test engineer to rectify the problem. Mr. Shaw proceeds with the standard steps of wireless
penetrating testing. He was trying to Crack static WEF keys, where he first monitors the wireless traffic with airmon-ng tool and then tries to Collect the wireless traffic data using airodump-ng.
Which of the following airodump-ng Commands will help him to do this?

Which port does DHCP use for client connections?

UDP port 56
UDP port 59
UDP port 67
UDP port 68

The security team found the network switch has changed its behavior to learning mode and is functioning like a hub. The CAM table of the switch was filled with unnecessary traffic. Someone tried to
penetrate into the network space by attacking the network switches, They wrote a report and submitted to higher authorities.
What kind of an attack did the attackers perform against the network switch?
ARP Poisoning
DMS poisoning
MITM Attack
MAC Flooding

Kevin is trying to pen test an Android mobile device. He wants to extract the FIN and gesture key from the device. Kevin knows that the gesture.key and password.key hold the information that he is
looking for. He accesses the Android file system from an Android IDE but could not locate these files.
which of the following will allow Kevin to access these files and their Content?
Jailbreaking
Debugging
Rooting
Tethering

Mike, a security auditor, was asked to assess the network perimeter security deployed in the company's network. As a part of his assignment, he created a malicious file of 300 KB and used the
Colasoft Packet Builder tool to manipulate its header information to show the size of the packet data as 50 kB. He then sent the crafted packet to a target host inside the network.
What is Mike trying to achieve?
Bypass the sanity check at the IDS using resource exhaustion technique
Bypass the sanity check at the IDS by ending inconsistent packets
Bypass the sanity check at the IDS using insertion technique
Bypass the sanity check at the IDs using packet fragmentation technique

WinSoftech hired Steven a penetration tester to check if the Company's SQL database is vulnerable to attacks or not. He performed a penetration test on the company's database by appending an
additional SQL query after escaping the original query and found the database is vulnerable to SQL injection.
Which of the following SQL injection techniques is performed by Steven
Union Query Injection
Command Injection
Batch Query injection
Tautological injection

HDC Networks Ltd. is a leading security services company. Matthew works as a penetrating tester with this firm. He was asked to gather information about the target Company. Matthew begins with
social engineering by following the steps:
Secretly observes the target to gain critical information
Looks at employee's password or PIN code with the help of binoculars or a low-power telescope

Based on the above description, identify the information gathering technique.

Phishing
Tailgating
Dumpster diving
Shoulder surfing

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 13/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

JUA Networking Solutions is a group of certified ethical hacking professionals with a large client base. Stanley works as a penetrating tester at this firm. Future Group approached JUA for an internal
pen test. Stanley
performs various penetrating testing test sequences and gains information about the network resources and shares, routing tables, audit and service settings, SNMP and DNS details, machine names,
users and groups, applications and banners.
Identify the technique that gave Stanley this information.
Ping Sweeps
Port scanning
Sniffing
Enumeration

You are working on a pen testing assignment. Your client has asked for a document that shows them the detailed progress of the pen testing.
Which document is the client asking for
Rule of engagement with signatures of both the parties
Project plan with work breakdown structure
Scope of work (SOW) document
Engagement log

Which type of security policy is described by the configuration below:

Provides maximum security while allowing known, but necessary, dangers
All services are blocked; nothing is allowed
Safe and necessary services are enabled individually
Non-essential services and procedures that cannot be made safe are NOT allowed
Everything is logged

Prudent Policy
Promiscuous Policy
Paranoid Policy
Permissive Policy

Richard, a penetration tester was asked to assess a web application. During the assessment, he discovered a file upload field where users can upload their profile pictures. While scanning the page for
vulnerabilities, Richard found a file upload exploit on the website. Richard wants to test the web application by uploading a malicious PHP shell, but the web page denied the file upload. Trying to get
around the security, Richard
added the jpg' extension to the end of the file. The new file name ended with'.php.jpg. He then used the Burp suite tool and removed the jpg extension from the request while uploading the file. This
enabled him to successfully upload the PHP shell.
Which of the following techniques has Richard implemented to upload the PHP shell?
Session stealing
Cross site scripting
Cookie tampering
Parameter tampering

You work as a penetration tester for XSecCorp, a large security assessment firm based out of Atlanta. You have been assigned a project to test the strength of the IDS system deployed at a client's
internal network.
You run the Wireshark tool and observe a large number of SYN/ACK packets originating from an internal host and hitting a web server, but surprisingly, you could not find any SYN requests from the
web server to the host.
What will be the most likely reason for this?
The NIC card at the web server is running in promiscuous mode
The SYN/ACK traffic is false positive alerts generated by the IDs
The web server is experiencing a backscatter attack
The TCP implementation is vulnerable to a resource-exhaustion attack

Stuart is a database penetration tester working with Regional Server Technologies. He was asked by the company to identify vulnerabilities in its SQL database. Stuart wanted to perform a SQL
penetration by passing some SQL commands through a web application for execution and succeeded with a command using a wildcard attribute indicator.
Which of the following strings is a wildcard attribute indicator?
@variable
%
?Param1=foo&Param2=bar
@@Variable

Which of the following statements highlights the difference between a vulnerability assessment and a penetration test?
A Vulnerability assessment focuses on low severity Vulnerabilities and pentesting focuses on high severity vulnerabilities
A vulnerability assessment requires only automated tools to discover the vulnerabilities whereas pentesting also involves manual discovery of vulnerabilities.
A vulnerability assessment identifies and ranks the vulnerabilities, and a penetration test exploits the identified vulnerabilities for validation and to determine impact.
A vulnerability assessment is performed only on software components of an information system, whereas pentesting is performed on all hardware and software components of the system.

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 14/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

ABC Technologies, a large financial company, hired a penetration tester to do physical penetration testing. On the first day of his assessment, the penetration tester goes to the company posing as a
repairman and starts checking trash bins to Collect the sensitive information.
What is the penetration tester trying to do?
Trying to attempt social Engineering using phishing
Trying to attempt social engineering by shoulder Surfing
Trying to attempt social engineering by dumpster diving
Trying to attempt social engineering by eavesdropping

Matthew is working on a pen test engagement. In the vulnerability scanning phase, he has identified a vulnerability giving him remote access to the target machine. Matthew uses the Metasploit
framework and gains a meterpreter session on the target machine. However, when Matthew tries to dump the password hashes from the remote machine, he receives an error that permission is denied.
Which of the following Metasploit exploits escalate his privileges on the target machine?
exploit/windows/local/bypassuac
exploit/windows/smb/psexec
exploit/multi/handler
exploit/windows/dcepc/msQ03_026_dcom

You are joining a new organization as a WAPT Manager. Your predecessor informs you that the organization's Complete information security infrastructure is in the middle of a regular vulnerability
management life cycle. He prioritized the vulnerabilities in the system and you have to start with patching these vulnerabilities first.
Which phase of vulnerability management is the information system in now?
Vulnerability Assessment
Risk Assessment
Creating Baseline
Remediation

Joe, an ECSA certified professional, is working on a pen testing engagement for one of his SME clients. He discovered the host file in one of the Windows machines has the following entry:
213.65.172.55 microsoft.com
After performing a Whois lookup, Joe discovered the IP does not refer to Microsoft.com. The network admin denied modifying the host files.
Which type of attack does this scenario present?
DNS poisoning
MAC spoofing
Phishing
DNS starvation

Michel works as a penetration tester in a firm named ITSecurity inc. Recently, Michel was given an assignment to test the security of the firewalls deployed by a client. While conducting the test,
Michel found the company uses the OSI model for network communications. He also determined the firewall is only monitoring TCP handshaking of packets at the session layer to determine whether
a requested session is legitimate.
Identify the type of firewall used by the company?
Application level firewall
Packet filtering firewall
Circuit level gateway firewall
Stateful multilayer inspection firewall

Todd is working on an assignment involving auditing of a web service. The scanning phase reveals the web service is using an Oracle database server at the backend. He wants to check the TNS
Listener configuration file for configuration errors.
Which of following directory contains the TNS Listener configuration file, by default:
$ORACLE_HOME network/bin
$ORACLE_HOME/network
$ORACLE_HOME/bin
$ORACLE_HOME/network/admin

Consider the following Code:

If an attacker tricks a victim into clicking a link like this, and the Web application does not validate the input, the victim's browser will pop up an alert showing the users current set of cookies. An
attacker can do much more damage, including stealing passwords, resetting your home page or redirecting the user to another Web site. What is the Countermeasure against XSS scripting?

You have implemented DNSSEC on your primary internal DNS server to protect it from various DNS attacks. Network users Complained they are notable to resolve domain names to IP addresses at
certain times.
What could be the probable reason?
DNSSEC does not guarantee authenticity of a DNS response during an attack
DNSSEC does not provide protection against Denial of service (DoS) attacks
DNSSEC does not protect the integrity of a DNS response
DNSSEC does not guarantee the non-existence of a domain name or type

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 15/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

George, a reputed ethical hacker and penetration testing Consultant, was hired by FNB Services, a startup financial services Company, to audit the security of their web applications. During his
investigation, George
discovered that the company's website is vulnerable to blind SQL injection attacks, George, entered a custom SQL query in a form located on the vulnerable page which resulted in a back-end SQL
query similar to the one given below:

During penetration testing on some mobile devices. Steve discovered a suspicious application (apk) installed on a device that had permissions to access the device's camera, phonebook, storage, etc.
He then used code analysis tools to gather walauble information regarding the application's source code, proprietary IP, etc in an attempt to obtain the origin of the application.
which of the following techniques did steve implement, in order to obtain the latter information?
Reverse engineering
Reverse coding
Code encryption
Codesigning

Watson is a security analyst specialized in mobile penetration testing who works at Regional Secure Inc. The company's senior management asked him to check the company's mobile communication
network for vulnerabilities. He performed a penetration test and determined that the network is vulnerable to MITM attacks.
Which of the following mobile penetration tests did Watson execute to determine the attack
server-side Infrastructure Fen Testing
Android debug bridge Testing
Communication Channel Penetration Testing
Application Penetration Testing

You have just completed a database security audit and writing the draft pentesting report. Which of the following will you include in the recommendation section to enhance the security of the
database server?
Grant permissions to the public database role
Instal SQL Server on a domain controller
Install a Certificate to enable SSL connections
Allow direct catalog updates

Edward, a network administrator, was worried about a report of one employee using an FTP site to send confidential data out of the office. Edward intends to confront the suspect employee with
evidence he using FTP against the Company's security policies. Edward Sniffs the network traffic using the Wireshark tool.
Which Wireshark filter will display all the FTP packets originating from the suspect employee's machine?

Which of the following snort rules alert all ICMP packets from the Internet to a local network?

Frank is a senior security analyst at Roger Data Systems Inc. The company asked him to perform a database penetration test on its client network to determine whether the database is vulnerable to
attacks or not. The client did not reveal any information about the database they are using. As a pen tester Frank knows that each database runs on its own default port. So he started database port
scanning using the Nmap tool and tried different commands using default port numbers and succeeded with the following command.
Nmap –sU -p 1521 <client-ip-address.>
Identify the database used by the Company?
SQLite
Microsoft SQL Server
Oracle
MySQL

Henderson is a certified ethical hacker working as an information security manager at Digital Essence Ltd. The company uses Oracle (11g) database to store its data. As part of their database
penetration testing, he wants to check whether the Company's web applications are vulnerable to SQL injection attack or not. Henderson tried different sqL queries and discovered that it is vulnerable
to SQL injection attack by observing error message.
Which of the following SQL injection query Henderson can use to extract all usernames from the company's database?

Alisa is a Network Security Manager at Adios Cyber Security. During a regular network audit, she sent specially Crafted ICMP packet fragments with different offset values into the network, causing
a system crash.
Which attack is Alisa trying to perform?
Smurf attack
Fraggle attack
Ping-of-death attack
Session hijiacking

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 16/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

A large IT based company hired Gary, a penetration tester, to perform mobile penetration testing in the organization. Gary knows that mobile penetration testing requires rooting jailbreaking of mobile
devices. Gary observed that most of the employees in the organization are using iPhones.
Which of the following tools should Gary use to jailbreak the mobile devices?
Pangu
Superboot
One Click Root
SuperOneClick

Sam was asked to conduct penetration tests on one of the client's internal networks. As part of the testing process, Sam performed enumeration to gain information about computers belonging to a
domain list of shares on the individual hosts in the network policies and passwords,
Identify the enumeration technique.
NetBIOS Enumeration
NTP Enumeration
DNS Enumeration
SMTP Enumeration

Steven is performing a wireless network audit. As part of the engagement, he is trying to crack a WPA-PSK key. Steven has captured enough packets to run aircrack-ng and discover the key, but
aircrack-ng did not yield any result, as there were no authentication packets in the capture. Which of the following commands should Steven use to generate authentication packets?
airmon-ng start eth0
aircrack-ng.exe-a2-W capture. Cap
airodump-ng --write capture eth0
aireplay-ng --deauth 11 -a AA:BB:CC:DD:EE:FF

Dale is a penetration tester and security expert. He works at Sam Morison Inc. based in Detroit. He was assigned to do an external penetration testing on one of its clients. Before digging into the work,
we wanted to start with reconnaissance and grab some details about the organization. He used tools like NetCraft and SHODAN and grabbed the internal URLs of his client.
What information do the internal URLs provide?
Internal URLs provide an insight into various departments and business units in an organization
Internal URLs provide server related information
Internal URLs provide database related information
Internal URLs provide vulnerabilities of the organization

Jacob, a compliance officer with a top MNC based out of Florida, has received reports that a competitor of the company has used and branded some of its copyrighted software application codes. He
wants to pursue a case against the competitor.
Which of the following laws will Jacob specifically invoke in this case?
Sarbanes Oxley Act (SOX)
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
The Digital Millennium Copyright Act (DMCA)

Analyze the packet capture from Wireshark below and mark the correct statement.

It is an answer to the iterative query from Microsoft.com. DNS server

It is Host ( A record) DNS query message
It is a DNS response message
It is an invalid DNS query

National Insurance, a large insurance services provider based out of Atlanta, US, was worried about the security of their information assets due to an increase in the number of data breaches occurring
around the world. The company requested Anthony, to perform a comprehensive security audit of the company's information systems. Anthony, decided to Collect some preliminary information about
National Insurance's network.
During this phase, Anthony used the 45Bouncer utility to understand the Complexity of his new assignment.
What is Anthony trying to ascertain by using the 46Bouncer utility?
The use of mail servers in the company's network
Deployment of a honeypot in the Company's network
The use of IPv6 in the Company's network
The type of perimeter security solutions used in the company's network

Jakob is working on a web application pen testing assignment. He uses Burp proxy to create a directory map of the target web app. During the audit he intercepted a GET request with the following as
the Referrer parameter:

What should Jakob Suggest to his client to protect from these attacks?
Configure the Web Server to deny requests involving "hex encoded" characters
Use SSL authentication on Web Servers
Create rules in IDS to alert on strange Unicode requests
Enable Active Scripts Detection at the firewall and routers

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 17/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

Why is an appliance-based firewall more secure than those implemented on top of a commercial operating system (Software based)?
Hardware appliances do not suffer from security vulnerabilities associated with the underlying operating system
Operating system firewalls are highly configured
Appliance based firewalls cannot be upgraded
Firewalls implemented on a hardware firewall are highly scalable

David is working on a pen testing assignment as a junior consultant. His supervisor told him to test a web application for SQL injection. The supervisor also informed David the web application is
known to be vulnerable to the
"admin' OR" injection. When David tried this string, he received a WAF error message the input is not allowed
Which of following strings could David use instead of the above string to bypass the WAF filtering?
admin') or '1'=’--
‘or username like char(37);
‘union select
exec sp_addsrvrolemember 'name', 'sysadmin'

WallSec Inc. has faced several network security issues in the past and hired Williamson, a professional pentester, to audit its information systems. Before starting his work, Williamson, with the help of
his legal advisor, signed an agreement with his client. This agreement states that confidential information of the client should not be revealed outside of the engagement.
What is the name of the agreement that Williamson and his client signed?
Authorization letter
Non-disclosure agreement
TPOC agreement
Engagement letter

Thomas, is trying to simulate a SQL injection attack on his client's website. He is trying various strings provided in the SQL Injection Cheat Sheet. All of his SQL injection attack attempts failed and
he was unable to retrieve any information from the website's back-end database. Later, he discovered the TDS system deployed by his client is blocking all the SQL injection requests. Thomas decided
to bypass the TDs by slightly modifying the SQL injection queries as below:
Original query:

Which encoding techniques did he try to evade the IDS?

IDS evasion using hex encoding
IDS evasion using char encoding
IDS evasion using in-line comments
IDS evasion using obfuscated Code

Stanley, a pen tester needs to perform various tests to detect SQL injection vulnerabilities. He has to make a list of all input fields whose values could be used in Crafting a SQL que POST requests and
then test them separately, attempting to interfere with the query and cause an error to generate as a result.
In which of the following tests is the source Code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?
Source Code Testing
Dynamic Testing
Function Testing
Static Testing

Analyze the two TCP/IP packets below for a three-way handshake and identify the acknowledgement number in the next packet of the sequence.

12953
2744082
12954
2744081

Which of the following SQLMAF commands will allow you to test if a parameter in a target URL is vulnerable to SQL injection (injectable)?

Lee has established a new startup where they develop android applications. In order to meet memory requirements of the Company, Lee has hired a Cloud Service Provider, who offered memory space
along with virtual systems. Lee was dissatisfied with their service and wanted to move to another CSP, but was denied as a part of the contract, which reads that the user cannot switch to another CSP.
What is this condition called?
Virtualization
Lock-up
Lock-in
Resource Isolation

Adam is working as a senior penetration tester at Eon Tech Services Ltd. The Company asked him to perform penetration testing on their database. The Company informs Adam they use Microsoft
SQL Server. As a part of the penetration testing, Adam wants to know the complete information about the company's database. He uses the Nmap tool to get the information.
Which of the following Nmap commands will Adam use to get the information?

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 18/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

The TCP SYN Flood attack uses the three-way handshake mechanism.
I. An attacker at system. A sends a SYN packet to a victim at system B
II. System B sends a SYN/ACK packet to victim A
As a normal three-way handshake mechanism system. A sends an ACK packet to system B. However, system. A does not send an ACK packet to system B. In this case, client B is waiting for an ACK
packet from client A.
What is the status client B?
"Half-closed"
"Half-open"
"Full-open"
"Filtered"

Our local bank uses a firewall which monitors the internal network and filters the traffic The network team was hardening firewall rules over the weekend, they ignored a basic rule of making backups
of the firewall
configuration before beginning the work. The next day, users complained about a technical issue and unable to connect to some web sites. The network team troubleshooted the issue specifically to the
SSL-based web sites. When a web page is opened on any of the SSL-based sites, there is a message "your session cannot be established". The network engineer identified the issue was with the
firewall.
What should be done to remediate the issue without losing any of the work
Resetting the Firewal
Restoring the default policy rule set
Restoring the most recent backup of the firewall
Changing the firewall rule at the session layer

Karen is a Network engineer at ITSec, a reputed MNC based in Philadelphia, USA. She wants to retrieve the DNS records from the publicly available servers. She searched using Google for the
providers DNS Information and found the following sites:
http://www.dlnsstuff.com
https://dnsquery.org
Through these sites she got the DNS records information as she wished.
What information is contained in DNS records?
Information about local MAC addresses.
Information about the database sewers and its services.
Information such as mail server extensions, IP addresses etc.
Information about the DNS logs.

The Rhythm Networks Pvt Ltd firm is a group of ethical hackers. Rhythm Networks was asked by their client Zombie to identify how the attacker penetrated their firewall. Rhythm discovered the
attacker modified the addressing information of the IP packet header and the source address bits field to bypass the firewall.
What type of firewall bypassing technique was used by the attacker?
Anonymous Website surfing Sites
Source routing
Proxy Server
HTTP Tunneling

Richard is working on a web app pen testing assignment for one of his clients. After preliminary information, gathering and vulnerability scanning Richard runs the SQLMAP tool to extract the
database information. Which of the following commands will give Richard an output as shown in the screenshot?

Arrange the steps in the correct order for creating a firewall policy:
Prepare a cost-benefit analysis to secure the network application(s)
Create a network application traffic matrix to identify the protection method
Identify the network application(s) vulnerabilities
Identify the network applications that are of utmost importance
Create a firewall rule set which depends on the application's traffic matrix

What is the purpose of a Get-Out-of-Jail-Free card in a pen testing engagement?

It gives an understanding of the limitations, Constraints, liabilities, and indemnification considerations
It is a formal approval to start pen test engagement
It details standards and penalties imposed by federal, state, or local governments
It indemnifies the tester against any loss or damage that may result from the testing

An attacker has inserted ‘Integrated Security = true;’ to the end of the string in the hopes of connecting to the database using the OS account the web application is running to avoid normal
authentication:
Data source = mySource; Initial Catalog = db1; Integrated Security = no; user id = myName; ; Password = 123; Integrated Security = true;
What is attacker trying to do?
The attacker is performing Connection String Parameter Pollution (CSPP) attack
The attacker is checking the web application for XSRF attack

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 19/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

The attacker is performing Connection Pool DOS attack

The attacker is performing Connection string Injection attack

Jack, a network engineer, is working on IPv6 implementation for one of his clients. He deployed IPv6 on IPv4 networks using mechanism where a node can choose from IPv6 or IPv4 based on the
DNS value. This makes the network resources work simpler.
What kind of a technique did Jack use?
Translation
Filtering
Dual Stacks
Tunneling

Stuart has successfully cracked the WPA-PSK password during his wireless pen testing assignment. However, he is unable to connect to the access point using the password.
What could be the probable reason?
It is a rogue access point
The access point implements another layer of WEP encryption
The access point implements MAC filtering
The access point implement a signel jammer to protect from attacker

By trytograb di Februari 26, 2020 (2020-02-26T13:50:00-08:00)

~~

Tidak ada komentar:

Posting Komentar

Masukkan komentar Anda...

Beri komentar sebagai: Google Accou

Publikasikan Pratinjau

< Newer post Older post >

We Love You, Guys! E C S A E X A M PART 1 CINTAKU CUMA KAMU SAYANG ! Part 2 E C

SA

ECSA GUYS!
ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAA MMMMMMMMMMMM YUUHHUUUU
2020-02-27

We Love You, Guys! E C S A E X A M PART 1

2020-02-27

MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A

2020-02-26

CINTAKU CUMA KAMU SAYANG ! Part 2 E C S A

2020-02-26
https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 20/22
12/15/2020 MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

CUKIMAI KALI KAU INI ! Part 1 E C S A

2020-02-26

SECCIONS
 Module 07 Malware Threats 7
 Module 08 Sni ng 7
 SULTAN SULTAN 5

ABOUT
trytograb
Lihat pro l lengkapku

Cari Blog Ini

Telusuri

Diberdayakan oleh Blogger.

Blog Archive
Februari 2020 (5)
Januari 2020 (19)

Laporkan Penyalahgunaan

Popular Posts

CUKIMAI KALI KAU INI ! Part 1 E C S A

ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAA MMMMMMMMMMMM YUUHHUUUU

We Love You, Guys! E C S A E X A M PART 1

MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A

CINTAKU CUMA KAMU SAYANG ! Part 2 E C S A

I See Dead People 11

I See Dead People 12

I See Dead People 6

BTemplates.com

Blogroll
https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 21/22
12/15/2020
Blogroll MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A ~ Try to Grab

About

Beranda

Popular Photos
No posts found
CUKIMAI KALI KAU INI ! Part 1 E C S A

ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAA

MMMMMMMMMMMM YUUHHUUUU Categories
We Love You, Guys! E C S A E X A M PART 1
 Module 07 Malware Threats
 Module 08 Sni ng
 SULTAN SULTAN
Archive
Februari (5)
Januari (19)

Comments
No comments found

About
This just a demo text widget, you can use it to create an about
text, for example.

Copyright © 2020 Try to Grab.  Designed by Blogger Templates, Chino Mandarín & 爱西班牙语

https://trytograb.blogspot.com/2020/02/mau-sheren-yeny-lukluk-apa-theresia.html 22/22